[GitHub] [ozone] bharatviswa504 commented on a change in pull request #2000: HDDS-4915. [SCM HA Security] Integrate CertClient.

Sun, 28 Mar 2021 22:02:21 -0700 


bharatviswa504 commented on a change in pull request #2000:
URL: https://github.com/apache/ozone/pull/2000#discussion_r603015314



##########
File path: 
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java
##########
@@ -155,18 +155,27 @@ public String getOMCertificate(OzoneManagerDetailsProto 
omDetails,
   public String getSCMCertificate(ScmNodeDetailsProto scmNodeDetails,
       String certSignReq) throws IOException {
     Objects.requireNonNull(scmNodeDetails);
-    LOGGER.info("Processing CSR for scm {}, nodeId: {}",
-        scmNodeDetails.getHostName(), scmNodeDetails.getScmNodeId());
+    String primaryScmId =
+        storageContainerManager.getScmStorageConfig().getPrimaryScmNodeId();
 
-    // Check clusterID
-    if (storageContainerManager.getClusterId().equals(
-        scmNodeDetails.getClusterId())) {
-      throw new IOException("SCM ClusterId mismatch. Peer SCM ClusterId " +
-          scmNodeDetails.getClusterId() + ", primary SCM ClusterId "
-          + storageContainerManager.getClusterId());
-    }
+    if (primaryScmId != null &&
+        primaryScmId.equals(storageContainerManager.getScmId())) {
+      LOGGER.info("Processing CSR for scm {}, nodeId: {}",
+          scmNodeDetails.getHostName(), scmNodeDetails.getScmNodeId());
+
+      // Check clusterID
+      if (!storageContainerManager.getClusterId().equals(
+          scmNodeDetails.getClusterId())) {
+        throw new IOException("SCM ClusterId mismatch. Peer SCM ClusterId " +
+            scmNodeDetails.getClusterId() + ", primary SCM ClusterId "
+            + storageContainerManager.getClusterId());
+      }
 
-    return getEncodedCertToString(certSignReq, NodeType.SCM);
+      return getEncodedCertToString(certSignReq, NodeType.SCM);
+    } else {
+      throw new SCMSecurityException("Get SCM Certificate can be run only " +
+          "primary SCM", PRIMARY_SCM_IS_NOT_LEADER);

Review comment:
       Renamed it to NOT_A_PRIMARY_SCM
   Complete handling of it will be done in HDDS-5027




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to